CVE-2008-1151 — Missing Release of Memory after Effective Lifetime in Cisco IOS

CWE-3994 documents4 sources

Severity

7.1HIGHNVD

EPSS

0.9%

top 24.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS

Timeline

PublishedMar 27

Latest updateMay 1

Description

Memory leak in the virtual private dial-up network (VPDN) component in Cisco IOS before 12.3 allows remote attackers to cause a denial of service (memory consumption) via a series of PPTP sessions, related to "dead memory" that remains allocated after process termination, aka bug ID CSCsj58566.

CVSS vector

AV:N/AC:M/C:N/I:N/A:CExploitability: 8.6 | Impact: 6.9

Affected Packages1 packages

▶NVDcisco/ios12.2

🔴Vulnerability Details

GHSA

GHSA-5247-6v69-x2p9: Memory leak in the virtual private dial-up network (VPDN) component in Cisco IOS before 12↗2022-05-01

▶

CVEList

CVE-2008-1151: Memory leak in the virtual private dial-up network (VPDN) component in Cisco IOS before 12↗2008-03-27

▶

📋Vendor Advisories

Cisco

Cisco IOS Virtual Private Dial-up Network Denial of Service Vulnerability↗2008-03-26

▶